dhcp snooping max-user-number (interface view)

Function

The dhcp snooping max-user-number command sets the maximum number of DHCP snooping users on an interface.

The undo dhcp snooping max-user-number command cancels the configuration.

By default, a maximum of 4096 DHCP clients are permitted to access on an interface.

Format

dhcp snooping max-user-number max-number-value

undo dhcp snooping max-user-number

Parameters

Parameter Description Value
max-number-value

Specifies the maximum number of access DHCP clients.

The value is an integer ranging from 1 to 4096.

Views

100GE interface view, 10GE interface view, 40GE interface view, Eth-Trunk interface view, FlexE sub-interface view, GE optical interface view, GE electrical interface view, Sub-interface view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
dhcp write

Usage Guidelines

Usage Scenario

Attackers may apply to a DHCP server for IP addresses by sending a large number of DHCP packets with varied MAC addresses in frame headers. As a result, IP addresses in the address pool are exhausted. To protect devices against such attacks, run the dhcp snooping user-bind max-number command.

Prerequisites

DHCP snooping has been enabled globally by running the dhcp snooping enable command.

Configuration Impact

When the number of binding entries reaches the maximum number, no users can obtain IP addresses.

Example

# Set the maximum number of access DHCP clients for GE 0/1/0 to 200.
<HUAWEI> system-view
[~HUAWEI] dhcp snooping enable
[*HUAWEI] interface GigabitEthernet 0/1/0
[*HUAWEI-GigabitEthernet0/1/0] dhcp snooping enable
[*HUAWEI-GigabitEthernet0/1/0] dhcp snooping max-user-number 200
Parent Topic: DHCP Snooping Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >